Search Engine: Elastic

Article ID: 131903, created on Dec 12, 2017, last review on Dec 12, 2017

  • Applies to:
  • Operations Automation


DNS zones are not synchronized with the secondary NS node(s).

The following warnings are displayed on the DNS node:

[root@ns1 ~]# service named status
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
named (pid  22696) is running...

Update named tasks may fail and show the same output.


RNDC key is configured incorrectly.

The messages are warnings and hide the real errors behind the DNS tasks.


  1. Check permissions for /etc/rndc.key and /var/named/chroot/etc/rndc.key.

    [root@server ~]# ls -la /etc/rndc.key
    lrwxrwxrwx 1 root root 32 Oct  2 14:11 /etc/rndc.key -> /var/named/chroot/etc/rndc.key
    [root@server ~]# ls -la /var/named/run-root/etc/rndc.key
    -rw-r----- 1 root named 97 Oct  2 14:11 /var/named/chroot/etc/rndc.key
  2. Make sure that "rndc.key" value matches in both configuration files /etc/named.conf and /etc/rndc.conf:

    [root@server ~]# cat /etc/rndc.conf | grep rndc.key
    include "/etc/rndc.key";
            default-key "rndc-key";
    [root@server ~]# cat /etc/named.conf | grep rndc.key
    include "/etc/rndc.key";
            allow {; } keys { "rndc-key"; };
  3. If rndc.key value is defined explicitly, for example:

    key "rndc-key" {
            algorithm hmac-md5;
            secret "HfWnMPHYeYEjIKbv060myhayHEWVLg3JzCTvH4Ln5qg=";

    You need to make sure that corresponding values algorithm and secret values are identical in /etc/rndc.conf and /etc/named.conf configuration files.

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF